The disclosure relates to a method for authenticating a user to a machine, such as a cash machine or a vending machine, or to a user device, in particular a telecommunications device, such as a smartphone, and also relates to a computer program product, a machine and an electronic system.
A challenge-response authentication system for web applications is known from “Snap2Pass: Consumer-friendly Challenge-Response Authentication with a Phone”, Ben Dodson et al., Computer Science Department, Stanford University. In order to log in, the web server sends a QR code to the PC browser of a user, said code containing a cryptographic challenge. The user records an image of the QR code using the camera of his mobile telephone, whereupon the cryptographic response is sent from the mobile telephone to the web server via a mobile telephone link.
This method can be used in the form of “Snap2Pay” and as a payment method (see “Secure, Consumer-Friendly Web Authentication and Payments with a Phone”, Ben Dodson et al., Computer Science Department, Stanford University).